A Policy Engineering Framework for Federated Access Management
Tech report number: CERIAS TR 2006-13
Federated systems are an emerging paradigm for information sharing and integration. Such systems require access management policies that not only protect user privacy and resource security but also allow scalable and seamless interoperation. Current solutions to distributed access control generally fail to address both dimensions of the problem at once. This work describes the design of a policy-engineering framework, called X-FEDERATE, for the specification and enforcement of access management policies in federated systems. It has been designed from the perspectives of both security management and software engineering, so that it not only allows specification of requirements for federated access management but also supports the development of standardized policy definitions and constructs that facilitate policy deployment and enforcement in a federated system. The framework comprises an access control language specification that is an extension of the well-accepted Role Based Access Control (RBAC) standard. The language extends RBAC to incorporate various essential features for federated access management. The framework also includes the design of an administrative model targeted at access control policy administration in a decentralized environment. The framework has been implemented as a research prototype that illustrates the use of X-FEDERATE as an enabling technology for secure Web-based federation, with applications in federated digital libraries and federated electronic healthcare management.
access control, policy based management, federated systems
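The abstract names the RBAC standard as the base that X-FEDERATE extends. The following is an added illustration, not code from the report or the X-FEDERATE prototype, of the core RBAC relations that standard defines: user-to-role assignment, role-to-permission assignment, a role hierarchy in which a senior role inherits the permissions of its juniors, and session-time role activation so that a user exercises only the roles needed for a task (least privilege). The digital-library roles, users and permissions in `build_sample_policy` are constructed sample data chosen to match the report's stated application area; the class and method names are this example's own.

```python
"""Minimal core-RBAC evaluator with a role hierarchy and role activation.

Illustrative code only: it models the standard RBAC relations the report's
language builds on, not the federated extensions X-FEDERATE adds.
"""
from dataclasses import dataclass, field
from typing import Dict, Iterable, Set, Tuple

Permission = Tuple[str, str]  # (operation, object)


@dataclass
class RbacPolicy:
    # role -> permissions directly assigned to that role (PA relation)
    permissions: Dict[str, Set[Permission]] = field(default_factory=dict)
    # user -> roles directly assigned to that user (UA relation)
    user_roles: Dict[str, Set[str]] = field(default_factory=dict)
    # senior role -> junior roles whose permissions it inherits (RH relation)
    juniors: Dict[str, Set[str]] = field(default_factory=dict)

    def assign_permission(self, role: str, op: str, obj: str) -> None:
        self.permissions.setdefault(role, set()).add((op, obj))

    def assign_user(self, user: str, role: str) -> None:
        self.user_roles.setdefault(user, set()).add(role)

    def add_inheritance(self, senior: str, junior: str) -> None:
        # Refuse an edge that would make the hierarchy cyclic; a cycle would
        # silently collapse distinct roles into one privilege set.
        if senior in self.closure({junior}):
            raise ValueError(f"inheritance cycle: {senior} -> {junior}")
        self.juniors.setdefault(senior, set()).add(junior)

    def closure(self, roles: Iterable[str]) -> Set[str]:
        """All roles reachable from `roles` through inheritance, inclusive."""
        seen: Set[str] = set()
        stack = list(roles)
        while stack:
            role = stack.pop()
            if role in seen:
                continue
            seen.add(role)
            stack.extend(self.juniors.get(role, ()))
        return seen

    def authorized_roles(self, user: str) -> Set[str]:
        """Roles the user may activate: assigned roles plus everything junior."""
        return self.closure(self.user_roles.get(user, set()))

    def check_access(self, user: str, active_roles: Iterable[str],
                     op: str, obj: str) -> bool:
        """Authorize (op, obj) for a session in which `active_roles` are active.

        Activation of a role the user is not authorized for fails closed, and
        only permissions of the activated roles (and their juniors) count, so
        a user holding a senior role can still work with reduced privilege.
        """
        active = set(active_roles)
        if not active <= self.authorized_roles(user):
            return False
        effective = self.closure(active)
        return any((op, obj) in self.permissions.get(r, set())
                   for r in effective)


def build_sample_policy() -> RbacPolicy:
    """Constructed sample: a two-role digital-library policy."""
    policy = RbacPolicy()
    policy.assign_permission("reader", "read", "catalog")
    policy.assign_permission("librarian", "update", "catalog")
    policy.add_inheritance("librarian", "reader")  # librarian can also read
    policy.assign_user("alice", "librarian")
    policy.assign_user("bob", "reader")
    return policy


if __name__ == "__main__":
    p = build_sample_policy()
    print(p.check_access("alice", {"librarian"}, "update", "catalog"))  # True
    print(p.check_access("alice", {"reader"}, "update", "catalog"))     # False
    print(p.check_access("bob", {"librarian"}, "update", "catalog"))    # False
```

The activation check is the part worth copying: an authorization decision that ignores which roles a session actually activated grants every permission a user could ever hold, which is what a federated policy language must avoid when a remote partner's users are mapped onto local roles.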